fix authentik logout url

Reviewed-on: #44
Co-authored-by: Simon <simonthiessen@posteo.de>
Co-committed-by: Simon <simonthiessen@posteo.de>

.env.sample

@@ -1,6 +1,7 @@
 TYPE=nextcloud
 TIMEOUT=900
 ENABLE_AUTO_UPDATE=true
+ENABLE_BACKUPS=true
 
 DOMAIN=nextcloud.example.com
 ## Domain aliases
@@ -44,6 +45,13 @@ DEFAULT_QUOTA="10 GB"
 # MAIL_DOMAIN=
 # SECRET_SMTP_PASSWORD_VERSION=v1
 
+## Customization
+# THEMING_COLOR=
+# THEMING_SLOGAN=
+# COPY_ASSETS="flow_background.jpg|app:/var/www/html/themes/"
+# COPY_ASSETS="$COPY_ASSETS icon_left_brand.svg|app:/var/www/html/themes/"
+# COPY_ASSETS="$COPY_ASSETS icon.png|app:/var/www/html/themes/"
+
 # APPS="calendar"
 
 # COLLABORA_URL=https://collabora.example.com

abra.sh

@@ -5,6 +5,7 @@ export NGINX_CONF_VERSION=v7
 export MY_CNF_VERSION=v5
 export ENTRYPOINT_VERSION=v3
 export CRONTAB_VERSION=v1
+export PG_BACKUP_VERSION=v1
 
 run_occ() {
     su -p www-data -s /bin/sh -c "/var/www/html/occ $@"
@@ -52,6 +53,27 @@ set_logfile_stdout() {
     set_system_config logfile '/dev/stdout'
 }
 
+customize() {
+    if [ -z "$1" ]
+    then
+            echo "Usage: ... customize <assets_path>"
+            exit 1
+    fi
+    asset_dir=$1
+    for asset in $COPY_ASSETS; do
+        source=$(echo $asset | cut -d "|" -f1)
+        target=$(echo $asset | cut -d "|" -f2)
+        echo copy $source to $target
+        abra app cp $APP_NAME $asset_dir/$source $target
+    done
+
+    abra app cmd -T $APP_NAME app set_app_config theming color \"$THEMING_COLOR\"
+    abra app cmd -T $APP_NAME app set_app_config theming slogan \"$THEMING_SLOGAN\"
+    abra app cmd -T $APP_NAME app run_occ '"theming:config background \"/var/www/html/themes/flow_background.jpg\""'
+    abra app cmd -T $APP_NAME app run_occ '"theming:config logo \"/var/www/html/themes/icon_left_brand.svg\""'
+    abra app cmd -T $APP_NAME app run_occ '"theming:config logoheader \"/var/www/html/themes/icon.png\""'
+}
+
 install_bbb() {
     install_apps bbb
     set_app_config bbb app.navigation true
@@ -89,6 +111,7 @@ set_authentik() {
     install_apps sociallogin
     AUTHENTIK_SECRET=$(cat /run/secrets/authentik_secret)
     AUTHENTIK_ID=$(cat /run/secrets/authentik_id)
+    set_system_config logo_url https://$AUTHENTIK_DOMAIN
     set_app_config sociallogin custom_providers "
 {
     \"custom_oidc\":[
@@ -99,7 +122,7 @@ set_authentik() {
         \"tokenUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/token/\",
         \"displayNameClaim\":\"preferred_username\",
         \"userInfoUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/userinfo/\",
-        \"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/if/session-end/nextcloud/\",
+        \"logoutUrl\": \"https://$AUTHENTIK_DOMAIN/application/o/nextcloud/end-session/\",
         \"clientId\":\"$AUTHENTIK_ID\",
         \"clientSecret\":\"$AUTHENTIK_SECRET\",
         \"scope\":\"openid profile email nextcloud\",
@@ -121,3 +144,7 @@ set_authentik() {
     run_occ 'config:system:set allow_user_to_change_display_name --value=false'
     run_occ 'config:system:set lost_password_link --value=disabled'
 }
+
+disable_skeletondirectory() {
+    run_occ "config:system:set skeletondirectory --value ''"
+}

alaconnect.yml

@@ -5,7 +5,7 @@ authentik:
         - AUTHENTIK_DOMAIN
         - SECRET_AUTHENTIK_SECRET_VERSION
         - SECRET_AUTHENTIK_ID_VERSION
-    execute:
+    initial-hooks:
         - app set_authentik
     shared_secrets:
         nextcloud_secret: authentik_secret
@@ -15,10 +15,10 @@ onlyoffice:
         - compose.onlyoffice.yml
         - ONLYOFFICE_URL
         - SECRET_ONLYOFFICE_JWT_VERSION
-    execute:
+    initial-hooks:
         - app install_onlyoffice
 collabora:
     uncomment:
         - COLLABORA_URL
-    execute:
+    initial-hooks:
         - app install_collabora

compose.fulltextsearch.yml

@@ -2,7 +2,7 @@ version: "3.8"
 
 services:
   elasticsearch:
-    image: "docker.elastic.co/elasticsearch/elasticsearch:8.11.4"
+    image: "docker.elastic.co/elasticsearch/elasticsearch:8.15.0"
     environment:
       - cluster.name=docker-cluster
       - bootstrap.memory_lock=true
@@ -29,7 +29,7 @@ services:
         mode: 0600
 
   searchindexer:
-    image: nextcloud:29.0.1-fpm
+    image: nextcloud:28.0.10-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached

compose.mariadb.yml

@@ -28,10 +28,9 @@ services:
       - internal
     deploy:
       labels:
-          backupbot.backup: "true"
+        backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
-          backupbot.backup.pre-hook: 'mysqldump --single-transaction -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud > /var/lib/mysql/backup.sql'
+        backupbot.backup.volumes.mariadb.path: "backup.sql"
-          backupbot.backup.post-hook: "rm -rf /var/lib/mysql/backup.sql"
+        backupbot.restore.post-hook: 'mysql -u root -p"$$(cat /run/secrets/db_root_password)" nextcloud < /var/lib/mysql/backup.sql'
-          backupbot.backup.path: "/var/lib/mysql/backup.sql"
     healthcheck:
       test: ["CMD-SHELL", 'mysqladmin -p"$$(cat /run/secrets/db_root_password)"  ping']
       interval: 30s

compose.postgres.yml

@@ -10,7 +10,7 @@ services:
       - NEXTCLOUD_UPDATE=1
 
   db:
-    image: "postgres:12"
+    image: "postgres:13"
     command: -c "max_connections=${MAX_DB_CONNECTIONS:-100}"
     volumes:
       - "postgres:/var/lib/postgresql/data"
@@ -29,10 +29,18 @@ services:
       retries: 5
     deploy:
       labels:
-            backupbot.backup: "true"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
-            backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
+        backupbot.backup.volumes.postgres.path: "backup.sql"
-            backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
-            backupbot.backup.path: "/var/lib/postgresql/data/"
+    configs:
+        - source: pg_backup
+          target: /pg_backup.sh
+          mode: 0555
 
 volumes:
   postgres:
+
+configs:
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh

compose.yml

@@ -1,7 +1,7 @@
 version: "3.8"
 services:
   web:
-    image: nginx:1.26.1
+    image: nginx:1.27.1
     depends_on:
       - app
     configs:
@@ -46,7 +46,7 @@ services:
       start_period: 5m
 
   app:
-    image: nextcloud:29.0.1-fpm
+    image: nextcloud:28.0.10-fpm
     depends_on:
       - db
     configs:
@@ -91,10 +91,12 @@ services:
         failure_action: rollback
         order: start-first
       labels:
-        - "coop-cloud.${STACK_NAME}.version=8.0.0+29.0.1-fpm"
+        - "coop-cloud.${STACK_NAME}.version=6.0.11+28.0.10-fpm"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
-        - "backupbot.backup=true"
+        - "backupbot.backup=${ENABLE_BACKUPS:-true}"
-        - "backupbot.backup.path=/var/www/html/config/,/var/www/html/data/,/var/www/html/custom_apps/"
+        - "backupbot.backup.volumes.redis=false"
+       #- "backupbot.backup.volumes.nextcloud=false"
+
     healthcheck:
       test: ["CMD-SHELL", 'SCRIPT_NAME=status SCRIPT_FILENAME=/var/www/html/status.php REQUEST_METHOD=GET cgi-fcgi -bind -connect 127.0.0.1:9000 | grep "installed\":true"']
       interval: 30s
@@ -103,7 +105,7 @@ services:
       start_period: 15m
 
   cron:
-    image: nextcloud:29.0.1-fpm
+    image: nextcloud:28.0.10-fpm
     volumes:
       - nextcloud:/var/www/html/
       - nextapps:/var/www/html/custom_apps:cached
@@ -119,7 +121,7 @@ services:
 
 
   cache:
-    image: redis:7.2.5-alpine
+    image: redis:7.4.0-alpine
     networks:
       - internal
     volumes:

pg_backup.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat /run/secrets/db_password)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+    # Restore allowed connections
+    cat pg_hba.conf.bak > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+}
+
+$@

release/9.1.0+29.0.5-fpm

@@ -0,0 +1 @@
+Added automated customization options. Config needs to be updated to be able to use it.